CVE-2024-9855

Name of the Vulnerable Software and Affected Versions 07FLYCMS version 1.3.8 07FLY-CMS version 1.3.8 07FlyCRM version 1.3.8

Description A critical issue was found in the uploadFile function of the Module Plug-In Handler component, located in the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule 1. The manipulation of the file argument leads to unrestricted upload. This issue can be exploited remotely.

Recommendations For 07FLYCMS version 1.3.8, consider disabling the uploadFile function until a patch is available. For 07FLY-CMS version 1.3.8, restrict access to the /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule 1 file to minimize the risk of exploitation. For 07FlyCRM version 1.3.8, avoid using the file argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.